Blog Post

Genetic Privacy | Bioethics — WPF filed comments with the Presidential Commission for the Study of Bioethics today urging the Commission to recognize the need for enhanced genetic privacy protections in a digital world. WPF noted that “The increasing identifiability of genetic data presents major privacy issues for research activities that must be acknowledged and addressed.” WPF suggested four key ways that Certificate of Confidentiality programs could be enhanced for privacy protection, and urged the Commission to speak out about the importance of protecting patient privacy in research activities involving genetic information. “The Commission should advocate providing patients with reasonable controls over research uses of their data as electronic records develop and spread throughout the health care system.” Public comments may be submitted to the Commission until May 25, 2012.

Medical ID Theft — WPF has completely updated its landmark medical identity theft tips and advice for patients and consumers. “The new FAQcontains detailed advice for anyone who is a victim of medical ID theft, or is worried about becoming one,” says Pam Dixon. “The FAQ and our shorter consumer tips have been updated to reflect our most recent research.” In 2006, WPF published the first known report on medical ID theft and coined the term. Since then, WPF has been in the forefront of researching this crime and working to assist victims and those working with victims

WPF Completes Medical ID Theft Training — Pam Dixon of WPF conducted a detailed training for law enforcement and health care professionals on medical identity theft detection, prevention, and cures. The training was held at the campus of the Denver Health Medical Center.

In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.

WPF comments on Multi-Stakeholder Process — WPF filed two sets of comments with the US Department of Commerce regarding the MultiStakeholder Process and the privacy topics to be taken up. The first set of comments were WPF’s formal filing of the joint Civil Society MultiStakeholder Principles on behalf of WPF and the American Civil Liberties Union, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumers’ Union, Consumer Watchdog, Electronic Frontier Foundation, National Consumers’ League, Privacy Rights Clearinghouse, and US PIRG. The second set of comments were WPF’s own comments to the Department. WPF urged the Department to employ a fair process, choose focused topics, and to apply the full range of the Consumer Privacy Bill of Rights to each topic.

To score is human. Ranking individuals by grades and other performance numbers is as old as human society. Consumer scores — numbers given to individuals to describe or predict their characteristics, habits, or predilections — are a modern day numeric shorthand that ranks, separates, sifts, and otherwise categorizes individuals and also predicts their potential future actions. This new report by Pam Dixon and Robert Gellman explores this issue of predictive scores and privacy.

This Jan. 30, 2014 report discusses a new right to restrict disclosure of health information under the updated HIPAA health privacy rule. The new provision called “Pay Out of Pocket,” also called the “Right to Restrict Disclosure” gives patients the right to request that their health care provider not report or disclose their information to their health plans when they pay for medical services in full. Navigating the new right will take effort and planning for patients to utilize effectively. This substance of this report is about the new patient right to restrict disclosure, and how patients can use it to protect health privacy.

This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.